1. 首頁
  2. 問答
  3. 有沒有辦法修改C#中的進程DACL

有沒有辦法修改C#中的進程DACL

2009-12-15 82 views
6

我有遺留的C++代碼,它改變了進程DACL,並試圖使用.NET 3.5中的託管代碼類。我在網上找到了代碼,在那裏有人創建了一個SetAclOnServices類來擴展NativeObjectSecurity類的服務。我認爲我可以實現這一點,只是將ResourceType.Service更改爲ResourceType.KernelObject,但是當我調用GetAccessControl時,它會失敗並顯示File Not Found錯誤。有沒有辦法修改C#中的進程DACL

來源

2009-12-15 Marcy Black

回答

10

聖誕快樂。

public class ProcessSecurity : NativeObjectSecurity 
{ 
    public ProcessSecurity(SafeHandle processHandle) 
     : base(false, ResourceType.KernelObject, processHandle, AccessControlSections.Access) 
    { 

    } 

    public void AddAccessRule(ProcessAccessRule rule) 
    { 
     base.AddAccessRule(rule); 
    } 

    // this is not a full impl- it only supports writing DACL changes 
    public void SaveChanges(SafeHandle processHandle) 
    { 
     Persist(processHandle, AccessControlSections.Access); 
    } 

    public override Type AccessRightType 
    { 
     get { return typeof(ProcessAccessRights); } 
    } 

    public override AccessRule AccessRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) 
    { 
     return new ProcessAccessRule(identityReference, (ProcessAccessRights)accessMask, isInherited, inheritanceFlags, propagationFlags, type); 
    } 

    public override Type AccessRuleType 
    { 
     get { return typeof(ProcessAccessRule); } 
    } 

    public override AuditRule AuditRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) 
    { 
     throw new NotImplementedException(); 
    } 

    public override Type AuditRuleType 
    { 
     get { throw new NotImplementedException(); } 
    } 
} 

public class ProcessAccessRule : AccessRule 
{ 
    public ProcessAccessRule(IdentityReference identityReference, ProcessAccessRights accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) 
     : base(identityReference, (int)accessMask, isInherited, inheritanceFlags, propagationFlags, type) 
    { 
    } 

    public ProcessAccessRights ProcessAccessRights { get { return (ProcessAccessRights)AccessMask; } } 
} 

[Flags] 
public enum ProcessAccessRights 
{ 
    STANDARD_RIGHTS_REQUIRED = (0x000F0000), 
    DELETE = (0x00010000), // Required to delete the object. 
    READ_CONTROL = (0x00020000), // Required to read information in the security descriptor for the object, not including the information in the SACL. To read or write the SACL, you must request the ACCESS_SYSTEM_SECURITY access right. For more information, see SACL Access Right. 
    WRITE_DAC = (0x00040000), // Required to modify the DACL in the security descriptor for the object. 
    WRITE_OWNER = (0x00080000), // Required to change the owner in the security descriptor for the object. 

    PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF, //All possible access rights for a process object. 
    PROCESS_CREATE_PROCESS = (0x0080), // Required to create a process. 
    PROCESS_CREATE_THREAD = (0x0002), // Required to create a thread. 
    PROCESS_DUP_HANDLE = (0x0040), // Required to duplicate a handle using DuplicateHandle. 
    PROCESS_QUERY_INFORMATION = (0x0400), // Required to retrieve certain information about a process, such as its token, exit code, and priority class (see OpenProcessToken, GetExitCodeProcess, GetPriorityClass, and IsProcessInJob). 
    PROCESS_QUERY_LIMITED_INFORMATION = (0x1000), 
    PROCESS_SET_INFORMATION = (0x0200), // Required to set certain information about a process, such as its priority class (see SetPriorityClass). 
    PROCESS_SET_QUOTA = (0x0100), // Required to set memory limits using SetProcessWorkingSetSize. 
    PROCESS_SUSPEND_RESUME = (0x0800), // Required to suspend or resume a process. 
    PROCESS_TERMINATE = (0x0001), // Required to terminate a process using TerminateProcess. 
    PROCESS_VM_OPERATION = (0x0008), // Required to perform an operation on the address space of a process (see VirtualProtectEx and WriteProcessMemory). 
    PROCESS_VM_READ = (0x0010), // Required to read memory in a process using ReadProcessMemory. 
    PROCESS_VM_WRITE = (0x0020), // Required to write to memory in a process using WriteProcessMemory. 
    SYNCHRONIZE = (0x00100000), // Required to wait for the process to terminate using the wait functions. 
}

來源

2009-12-16 00:18:59 nitzmahone

+0

謝謝,祝你聖誕快樂!我已經實現了這一點,添加一個SafeHandle類,我的進程安全描述符可以被修改,但它似乎沒有做我想做的事情。我試圖否認程序正確終止。我在添加拒絕規則之前和之後得到安全描述符,它看起來應該可以工作,但我仍然可以終止程序。我是否需要在進程安全描述符上設置訪問控制? – 2009-12-16 19:35:54

+0

這可能與您是所有者這一事實有關 - 可能存在一些未公開的特殊情況,用於處理ACL的自動特權擴展。拒絕ACE *應該總是優先於允許。也許嘗試改變主人看看是否有任何影響。 – nitzmahone 2009-12-16 20:54:45

+0

對不起,是的 - 您需要添加對受保護的Persist方法的調用,才能將ACL寫入進程。我沒有仔細查看NativeObjectSecurity。我添加了一個「SaveChanges」方法,將進程句柄傳遞給Persist,並且這樣做了。 – nitzmahone 2009-12-16 21:14:35

相關問題

 相關問題